
Training Tasks

Hey all.
I am looking for suggested reading and projects to familiarize myself with using the tools in BT4.

Some quick background...
I'm brand new to BackTrack and these forums. I just graduated college, studied Computer Engineering (so I am well versed in everything from software down to machine code and processor design). I am now employed by a company that has me on a network / cyber security team, and I am training up to utilize my technical skills in conjunction with security.

So, I have only a bit of experience (yeah, I'm a noob) with network security/hacking tools out there (I've used sniffers, scanners). And I am eager to learn a lot more. I have strong knowledge of networking hardware and protocols, and I hope to take that a step further into practical skills.

I am less interested in breaking Wifi (although fun, I've already done a bunch of that kind of stuff), and more interested in learning how to case a network environment from a remote location, in prep for pen testing. I know a lot of theory behind this but I am in search of a practical project / reading that can help me familiarize with BT4.

Thanks in advance for the advice, and I look forward to getting more involved with BT (maybe even using my coding skills to contribute someday.)

*Another note: I am decent with Linux, I'm no guru, but it's not at all foreign to me. If that influences suggestions at all.

thanks pureh@ate. Seems I should really be looking to professionally taught courses from the get go. As a tack on question:
What are the most respected certs in this field? I am currently pursuing CISSP, what is the next best step (maybe CEH?)

Hey all.
I am looking for suggested reading and projects to familiarize myself with using the tools in BT4.
Some quick background...
I'm brand new to BackTrack and these forums. I just graduated college, studied Computer Engineering (so I am well versed in everything from software down to machine code and processor design). I am now employed by a company that has me on a network / cyber security team, and I am training up to utilize my technical skills in conjunction with security.
So, I have only a bit of experience (yeah, I'm a noob) with network security/hacking tools out there (I've used sniffers, scanners). And I am eager to learn a lot more. I have strong knowledge of networking hardware and protocols, and I hope to take that a step further into practical skills.

A better idea, before you go and start making mistakes that could cost your company money or you your job, would be to advise your manager that you are not versed enough in "cyber security" to be out doing "cyber security assessments". Not trying to discredit you or your KSAs (Knowledge, Skills, Abilities), but there is a huge difference between messing around with a lab machine/network and a production one. At any rate, welcome to the forums; there is a plethora of information here, one just needs to research it out.
Good luck.

thanks pureh@ate. Seems I should really be looking to professionally taught courses from the get go. As a tack on question:
What are the most respected certs in this field? I am currently pursuing CISSP, what is the next best step (maybe CEH?)

Thank you.

I don't have any of those certs, but from what I understand of them there are many like the CISSP which are well respected and are good to have for getting jobs. Then there are training courses like offsec which are made by real hackers working currently in the field and are designed to meet the hands-on shortcomings of the more respected certs.

So to break it down simply: if you wanna look good on paper, get stuff like a CISSP; if you really wanna learn how to produce code, work with buffer overflows, scan and exploit remote boxes and other hands-on practical tasks, then offsec is the way to go. Plus the offsec classes can give you those little points (forgot what they are called) that you need for CISSP renewal. I'm sure people with a CISSP may have differing opinions, so just to be clear, this is only my opinion.

amael. I'm actually doing this training / research and learning on my own time, separate from my job. I'll only be using my own computer to do anything that could be considered unsanctioned. This is one reason I am searching for outside guidance; I currently don't have the funds to take an offsec course (although a year or so down the road I might).

I am really trying to prepare myself for a future project that I am building towards. My current job doesn't entail a full fledged security position, that is what I get to look forward to a little bit down the line. I just want to be the best possible when I get there.


Seems I should really be looking to professionally taught courses from the get go.

Professionally taught courses can give you a cert to add to your resume and they can structure and focus your learning, but they aren't the only way to go if you want to learn. Set up your own lab at home and start trying things out. If you can't afford them, check outlines for courses and then try to reproduce this yourself using online resources and purchased books, e.g. Hacking: The Art of Exploitation. Also check out the free Metasploit course from Offensive Security.

Originally Posted by g0be1

What are the most respected certs in this field? I am currently pursuing CISSP, what is the next best step (maybe CEH?)
Thank you.

It depends in which area of computer security you want to specialise in (incident handling, intrusion analysis, computer forensics, penetration testing, etc), and it also depends on your market (where you want to work). A good way to get an idea about this is to check job ads in your chosen area and see what they ask for.

For pen testing the best known certifications are the CEH and GPEN, although there are others, including some based on OSSTMM and the OSCP from Offensive Security. My opinion on the CEH is that it just teaches you to memorise lists of tools. GPEN is better, it teaches process and tools, and there is less memorisation by rote, although the test can be overly focused on the SANS courseware. I have a very high opinion of the OSCP - of all the certifications I have done it provided the best verification of technical ability. The certification is not that well known however and by design it doesn't cover all aspects of a penetration test. If you do the GPEN and OSCP I think this gives pretty good coverage for general penetration testing, but you might need to look at something else such as GWAPT to get good coverage of Web App testing and OSWP or GAWN to get coverage of Wireless testing.

As you can probably tell from the link above though, the SANS stuff is pretty well regarded. My experience with them has been positive as well.

There's a discussion thread on the forums here somewhere about the CISSP that you may want to read, and I've made comments there. My own opinion on the CISSP is that it's not overly useful if you're interested in technical work; it's better for documentation work (risk assessments, security documentation preparation, etc). I think the description of the CISSP as being an inch deep and a mile wide sums it up.

Given your stated interest in the information gathering stage of pen testing, I'd recommend you look into the PWB Offsec course and the OSCP certification. If you can't afford it (the online version is pretty cheap, by the way), then read up on DNS enumeration (reverse, forward brute force, zone transfer), whois enumeration, NetBIOS/SMB enumeration, SNMP enumeration, search engine and web information gathering, host/port scanning, operating system and service identification, etc.

Check out penetration testing frameworks such as ISSAF, OSSTMM and the "Penetration Testing Framework" to get some hints. The Hacking Exposed book also has a pretty good overview.

EDIT:

Originally Posted by archangel.amael

"And strictly speaking, what you are doing doesn't qualify as Pen Testing. Pen Testing is a professional activity that involves systematically testing a set of systems for security weaknesses using defined and repeatable processes, and then reporting on the results providing risk ratings and remediation advice.
What you want to do is more properly referred to as "exploiting" the systems. I would also accept the term "pwning"." Lupin
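The post above lists DNS enumeration (reverse sweeps, forward brute force, zone transfers) among the information-gathering topics worth reading up on. A useful companion exercise for a home lab is to look at the same techniques from the server side: each of them leaves a distinctive pattern in a name server's query log. The script below is an added example, not code from the thread or from any of the projects mentioned in it. It parses a constructed, simplified BIND-style query log (the format and the RFC 5737 client addresses are made up for the example) and flags AXFR requests, one client asking for many distinct names under a zone in a short window (forward brute force), and one client walking PTR records across an in-addr.arpa range (reverse enumeration). The threshold and window values are arbitrary assumptions for the sample data.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample query log in a simplified BIND-style format; not taken from any real server.
# Client addresses are RFC 5737 documentation ranges, chosen for the example.
_WORDLIST = ["admin", "backup", "dev", "intranet", "mail2", "portal", "staging", "test", "vpn", "wiki"]


def _build_sample_log():
    lines = [
        "2010-06-01T10:00:01 client 192.0.2.10#41000 query: www.example.com IN A",
        "2010-06-01T10:00:05 client 192.0.2.10#41001 query: mail.example.com IN MX",
        "2010-06-01T10:00:09 client 192.0.2.10#41002 query: example.com IN AXFR",
    ]
    # One client walking a word list against the zone (forward brute force).
    for i, word in enumerate(_WORDLIST):
        lines.append(f"2010-06-01T10:01:{i:02d} client 198.51.100.7#5300{i % 10} query: {word}.example.com IN A")
    # One client walking a /24 in reverse (PTR enumeration of 192.0.2.0/24).
    for i in range(1, 10):
        lines.append(f"2010-06-01T10:02:{i:02d} client 203.0.113.5#6000{i} query: {i}.2.0.192.in-addr.arpa IN PTR")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()

# Matches "<iso-timestamp> client <ip>#<port> query: <name> IN <type>" (assumed log layout).
LINE_RE = re.compile(r"^(?P<ts>\S+) client (?P<ip>[\d.]+)#\d+ query: (?P<name>\S+) IN (?P<type>\S+)$")


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "name": m["name"].lower().rstrip("."),
            "type": m["type"].upper(),
        })
    return events


def find_axfr(events):
    """Every (client, zone) pair that requested a full zone transfer."""
    return sorted({(e["ip"], e["name"]) for e in events if e["type"] == "AXFR"})


def _peak_distinct_names(evs, window):
    """Largest number of distinct names one client asked for inside any window of the given length."""
    evs = sorted(evs, key=lambda e: e["ts"])
    counts, start, peak = Counter(), 0, 0
    for e in evs:
        counts[e["name"]] += 1
        # Slide the window start forward until it fits inside `window`.
        while e["ts"] - evs[start]["ts"] > window:
            old = evs[start]["name"]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        peak = max(peak, len(counts))
    return peak


def _flag_clients(events, selector, threshold, window):
    """Clients whose peak distinct-name rate for the selected queries reaches the threshold."""
    by_ip = defaultdict(list)
    for e in events:
        if selector(e):
            by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        peak = _peak_distinct_names(evs, window)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def find_forward_bruteforce(events, zone, threshold=8, window=timedelta(seconds=60)):
    """Clients resolving many different hostnames under `zone` in a short time."""
    suffix = "." + zone.lower().rstrip(".")
    return _flag_clients(events, lambda e: e["type"] in ("A", "AAAA") and e["name"].endswith(suffix),
                         threshold, window)


def find_reverse_sweep(events, threshold=8, window=timedelta(seconds=60)):
    """Clients issuing PTR lookups across many addresses in a short time."""
    return _flag_clients(events, lambda e: e["type"] == "PTR" and e["name"].endswith(".in-addr.arpa"),
                         threshold, window)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("zone transfer requests:", find_axfr(evs))
    print("forward brute force:", find_forward_bruteforce(evs, "example.com"))
    print("reverse sweeps:", find_reverse_sweep(evs))
```

Run against the built-in sample, the script reports the AXFR from 192.0.2.10, the ten-name word-list walk from 198.51.100.7 and the nine-address PTR sweep from 203.0.113.5, while the two ordinary lookups from the first client stay below the threshold. On a real server the thresholds need tuning against normal resolver traffic, and AXFR should in any case be restricted to listed secondaries.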

Just noticed that you were quoting me in your signature!

Awesome.

Yes, that really bothers me when I see newbie posters asking for help about "Pen Testing" their own PC using Metasploit....

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

I would suggest reading these before you even consider touching another person's computers:

C++ The Language (by the creator, Bjarne)
TCP/IP Illustrated Volumes 1 through 3
Hacking the art of exploitation
Shellcoders handbook
Webhackers handbook
Applied Cryptography
No Tech Hacking (Johnny long)
Hardware hacking: have fun while voiding your warranty
Understanding the Linux kernel (and the Windows counterpart)
The Art of Assembly
The entire "Stealing the network" series (this is more for methodologies)

This may seem like a lot, but if you finish it all you will be quite well versed in everything you need to get at least a few basic certs (probably more advanced, as I swiped a copy of the CEH exam and it was actually quite easy, and this was right after finishing about half of those).

Oh, and take lots of breaks. I actually play games; I find if I'm absorbing knowledge for hours on end, I usually don't retain it.

Skip anything you feel you are knowledged enough in, but do so at your discretion.

I feel it is better to be a jack of all trades and a master of it all as well

Just noticed that you were quoting me in your signature!
Awesome.
Yes, that really bothers me when I see newbie posters asking for help about "Pen Testing" their own PC using Metasploit....

Yeah, when I saw the above it stood out, and I was thinking of a signature change anyhow about the same time, so why not.
Besides in the context of the thread it was hilarious.

@OP There is a lot of good information here, as may have been stated on the forums. The biggest thing is deciphering what is useful and what is not. Not to mention there is a good thread with maybe a billion links to books and other resources on the web, to further you along.